IAM managed policy for full access (on path to deprecation)
The AmazonElasticMapReduceFullAccess
managed policy grants all
the required actions for Amazon EMR and other services. The
AmazonElasticMapReduceFullAccess
managed policy is on the path
to deprecation, but not yet deprecated. When the policy is eventually
deprecated, you will not abe able to attach it to a role. However, a role that
already has an attached deprecated policy can still be attached to a cluster.
AmazonElasticMapReduceFullAccess
has been replaced with AmazonEMRFullAccessPolicy_v2 as the Amazon EMR default
managed policy.
The Amazon EMR full permissions default managed policy (AmazonEMRFullAccessPolicy_v2
) and Amazon EMR service policy (AmazonEMRServicePolicy_v2
) are available to replace the soon-to-be-deprecated policy. The v2 policies incorporate new iam:PassRole security configurations, including the following:
iam:PassRole
permissions only for specific default Amazon EMR roles.iam:PassedToService
conditions that allow you to use the policy with only specified AWS services, such aselasticmapreduce.amazonaws.com
andec2.amazonaws.com
.
You can view the JSON version of the AmazonEMRFullAccessPolicy_v2
We recommend that you create new clusters using v2 managed policies.
You can view the contents of this policy using the AWS Management Console link AmazonElasticMapReduceFullAccess
The ec2:TerminateInstances
action in the policy enables the IAM user or
role that assumes this policy to terminate any of the Amazon EC2 instances
associated with the IAM account, even those that are not part of an Amazon EMR cluster.